-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-09-16-2024-10 macOS Ventura 13.7

macOS Ventura 13.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121234.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: macOS Ventura
Impact: An app may be able to leak sensitive user information
Description: The issue was addressed with improved checks.
CVE-2024-44129

App Intents
Available for: macOS Ventura
Impact: An app may be able to access sensitive data logged when a shortcut fails to launch another app
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-44182: Kirin (@Pwnrin)

AppKit
Available for: macOS Ventura
Impact: An unprivileged app may be able to log keystrokes in other apps including those using secure input mode
Description: A logic issue was addressed with improved restrictions.
CVE-2024-27886: Stephan Casas, an anonymous researcher

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with additional code-signing restrictions.
CVE-2024-40847: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2024-40814: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2024-44164: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A library injection issue was addressed with additional restrictions.
CVE-2024-44168: Claudio Bozzato and Francesco Benvenuto of Cisco Talos

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An attacker may be able to read sensitive information
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2024-40848: Mickey Jin (@patch1t)

Automator
Available for: macOS Ventura
Impact: An Automator Quick Action workflow may be able to bypass Gatekeeper
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2024-44128: Anton Boegler

bless
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44151: Mickey Jin (@patch1t)

Compression
Available for: macOS Ventura
Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files
Description: A race condition was addressed with improved locking.
CVE-2024-27876: Snoolie Keffaber (@0xilis)

Dock
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed by removing sensitive data.
CVE-2024-44177: an anonymous researcher

Game Center
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A file access issue was addressed with improved input validation.
CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to a denial-of-service
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative, an anonymous researcher

Intel Graphics Driver
Available for: macOS Ventura
Impact: Processing a maliciously crafted texture may lead to unexpected app termination
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2024-44160: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Intel Graphics Driver
Available for: macOS Ventura
Impact: Processing a maliciously crafted texture may lead to unexpected app termination
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2024-44161: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

IOSurfaceAccelerator
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2024-44169: Antonio Zekić

Kernel
Available for: macOS Ventura
Impact: Network traffic may leak outside a VPN tunnel
Description: A logic issue was addressed with improved checks.
CVE-2024-44165: Andrew Lytvynov

Mail Accounts
Available for: macOS Ventura
Impact: An app may be able to access information about a user's contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

Maps
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: An issue was addressed with improved handling of temporary files.
CVE-2024-44181: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

mDNSResponder
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A logic error was addressed with improved error handling.
CVE-2024-44183: Olivier Levon

Notes
Available for: macOS Ventura
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed by removing the vulnerable code.
CVE-2024-44167: ajajfxhj

PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved validation of symlinks.
CVE-2024-44178: Mickey Jin (@patch1t)

Safari
Available for: macOS Ventura
Impact: Visiting a malicious website may lead to user interface spoofing
Description: This issue was addressed through improved state management.
CVE-2024-40797: Rifa'i Rejal Maynando

Sandbox
Available for: macOS Ventura
Impact: A malicious application may be able to access private information
Description: The issue was addressed with improved checks.
CVE-2024-44163: Zhongquan Li (@Guluisacat)

Shortcuts
Available for: macOS Ventura
Impact: A shortcut may output sensitive user data without consent
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2024-44158: Kirin (@Pwnrin)

Shortcuts
Available for: macOS Ventura
Impact: An app may be able to observe data displayed to the user by Shortcuts
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSea

System Settings
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2024-44166: Kirin (@Pwnrin) and LFY (@secsys) from Fudan University

System Settings
Available for: macOS Ventura
Impact: An app may be able to read arbitrary files
Description: A path handling issue was addressed with improved validation.
CVE-2024-44190: Rodolphe BRUNETTI (@eisw0lf)

Transparency
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A permissions issue was addressed with additional restrictions.
CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

Additional recognition

Airport
We would like to acknowledge David Dudok de Wit for their assistance.

macOS Ventura 13.7 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/